> Hello Squid users;
>
> I've been using AUTH_ON_ACCELERATION to help control access to squid
> servers that cache data from a primary Apache server. This works
> great in 2.5, but I've been playing around with Squid 3, and was
> wondering how to do the same thing with it. I've basically used this
> setup to get it to function (without requiring authentication):
>
> http_port 1234 defaultsite=10.0.0.25
> cache_peer 10.0.0.25 parent 80 0 no-query originserver
>
> Then I setup basic NCSA auth for testing:
>
> auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/testing
> auth_param basic children 5
> auth_param basic realm Testing Squid Auth
> auth_param basic credentialsttl 2 hours
>
> But Squid just happily serves and caches data from 10.0.0.25 without
> requiring authentication.
>
> Is this possible anymore?
>
Certainly. You just need acess controls that check the authentication.
Squid later than 2.5 are capable of handling more than a single type of
request stream (foward, reverse, transparent, intercepted). So squid can
no longer assume authentication on all requests even if auth_* are setup.
You want something like:
acl something proxy_auth REQUIRED
Also, is the official public domain name "10.0.0.25" ? the defaultsite= ,
should be the FQDN expected when clients are broken and don't send one.
To reverse-proxy a website also the http_port needs 'accel' option.
See the FAQ for details
http://wiki.squid-cache.org/SquidFaq/ReverseProxy
Amos
